Posts posted by InfectedHelppls

  1. Hi Kevin, I completed the scan and it has finished.

    I think the issue of boot hanging may be due to my motherboard being a dual-boot BIOS? Before I had issues I would see my normal boot loader. Since having issues and it hanging I now see a much older boot loader. Is there a way to change it?

    My MOBO: Gigabyte Z87X-UD3H-CF

    SrtTrail.txt

    Thanks Kevin.

  2. Hi Kevin, I didn't notice any issues before this really. Just that I was having high CPU usage all the time.

    I do however have an issue when I boot: half the time I get stuck in the boot loader, it won't complete a boot cycle, but will hang there until I restart. Then it usually works. When boot is complete Windows starts a system disk check? I've not been able to boot as usual for a while now and I'm not sure what the issue is.

  3. Hi, I ran a Malwarebytes threat scan yesterday and everything was clean.

    Ran a Windows Defender scan and three trojans showed up; I removed them but when I completed another scan it showed up as threats being there. But I was unable to clear them for some reason. It won't show me the logs from Windows Defender so I cannot attach them.

    Addition.txt FRST.txt

     

    My Malwarebytes is running but it's taken 2 hours so I'll update the logs when I get them. But it is currently saying 18 detections.

     

  4. Hi I was hoping you could help,

    Reinstalled Focusrite audio drivers recently as I was having strange audio issues connected with the CPU/health of my PC. A video/all my audio would suddenly disconnect and I wouldn't be able to hear them, then nothing would load on my PC, but YouTube would look "loading", as if the page still worked. So I reinstalled them.

    I have also had a boot issue, when I turn my PC on it hangs on the "Gigabyte -----" screen until I force restart it, then it will load up to win 7 loading.

    Now I've been having the problem of my CPU spiking up to 75% for prolonged periods of time; 5 minutes.

    Am I infected? How can I fix this? Thanks.

    Threat scan + FRST logs below.

    Addition_23-04-2020 23.03.35.txt FRST_23-04-2020 23.03.35.txt Mthreatscan.txt

  5. I've been having blocked inbound and outbound connections from Deluge and Google Chrome recently saying it's a trojan or other malicious websites/connections. I will post a few logs so you know.

     


    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Protection Event Date: 12/18/19
    Protection Event Time: 6:58 PM
    Log File: 7151fc92-21c8-11ea-a0a8-00ff00fe27da.json

    -Software Information-
    Version: 4.0.4.49
    Components Version: 1.0.781
    Update Package Version: 1.0.16390
    License: Premium

    -System Information-
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: System

    -Blocked Website Details-
    Malicious Website: 1
    , C:\Program Files (x86)\Deluge\deluge.exe, Blocked, -1, -1, 0.0.0

    -Website Data-
    Category: Trojan
    Domain: 
    IP Address: 190.90.239.42
    Port: 65327
    Type: Inbound
    File: C:\Program Files (x86)\Deluge\deluge.exe

    (end)


    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Protection Event Date: 12/18/19
    Protection Event Time: 5:57 PM
    Log File: e3f87e1e-21bf-11ea-9cd8-00ff00fe27da.json

    -Software Information-
    Version: 4.0.4.49
    Components Version: 1.0.781
    Update Package Version: 1.0.16388
    License: Premium

    -System Information-
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: System

    -Blocked Website Details-
    Malicious Website: 1
    , C:\Program Files (x86)\Deluge\deluge.exe, Blocked, -1, -1, 0.0.0

    -Website Data-
    Category: Trojan
    Domain: 
    IP Address: 185.244.39.107
    Port: 65327
    Type: Inbound
    File: C:\Program Files (x86)\Deluge\deluge.exe

    (end)


    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Protection Event Date: 12/18/19
    Protection Event Time: 5:18 PM
    Log File: 647d1582-21ba-11ea-a06b-00ff00fe27da.json

    -Software Information-
    Version: 4.0.4.49
    Components Version: 1.0.781
    Update Package Version: 1.0.16384
    License: Premium

    -System Information-
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: System

    -Blocked Website Details-
    Malicious Website: 1
    , C:\Program Files (x86)\Deluge\deluge.exe, Blocked, -1, -1, 0.0.0

    -Website Data-
    Category: Malware
    Domain: 
    IP Address: 149.202.122.27
    Port: 65327
    Type: Outbound
    File: C:\Program Files (x86)\Deluge\deluge.exe

    (end)


    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Protection Event Date: 12/18/19
    Protection Event Time: 5:09 PM
    Log File: 1a8a9536-21b9-11ea-b50d-00ff00fe27da.json

    -Software Information-
    Version: 4.0.4.49
    Components Version: 1.0.781
    Update Package Version: 1.0.16384
    License: Premium

    -System Information-
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: System

    -Blocked Website Details-
    Malicious Website: 1
    , C:\Program Files (x86)\Deluge\deluge.exe, Blocked, -1, -1, 0.0.0

    -Website Data-
    Category: Fraud
    Domain: trun.tom.ru
    IP Address: 153.92.6.87
    Port: 50194
    Type: Outbound
    File: C:\Program Files (x86)\Deluge\deluge.exe

    (end)

    I have also run a FRST scan via this link:

    https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/

     

    Thanks.

    Addition.txt FRST.txt Malwarethreatscan.txt

  6. Zemana report:

    Zemana AntiMalware 2.72.2.388 (Installed)

    -------------------------------------------------------
    Scan Result            : Completed
    Scan Date              : 2017/4/5
    Operating System       : Windows 7 64-bit
    Processor              : 4X Intel(R) Core(TM) i5-4670K CPU @ 3.40GHz
    BIOS Mode              : Legacy
    CUID                   : 12DEDB5569ED3E7BAD9537
    Scan Type              : System Scan
    Duration               : 1m 38s
    Scanned Objects        : 103318
    Detected Objects       : 1
    Excluded Objects       : 0
    Read Level             : SCSI
    Auto Upload            : Enabled
    Detect All Extensions  : Disabled
    Scan Documents         : Disabled
    Domain Info            : WORKGROUP,0,2

    Detected Objects
    -------------------------------------------------------

    ufh.exe
    Status             : Scanned
    Object             : %programfiles%\unknown file handler\ufh.exe
    MD5                : 3C94A847629F30A1E215624F59D2918D
    Publisher          : FTA APS
    Size               : 134656
    Version            : -
    Detection          : Win32/Adware.FileTypeAssistant!Ep
    Cleaning Action    : Quarantine
    Related Objects    :
                    File - %programfiles%\unknown file handler\ufh.exe
                    Registry Entry - HKLM\SOFTWARE\Classes\Unknown\shell\opendlg\command\@ = "C:\Program Files (x86)\Unknown File Handler\ufh.exe" "%1"
                    Registry Entry - HKLM\SOFTWARE\Classes\Unknown\shell\openas\command\@ = "C:\Program Files (x86)\Unknown File Handler\ufh.exe" "%1"
                    Registry Entry - HKLM\Software\Classes\*\shell\ ufh\command\@ = "C:\Program Files (x86)\Unknown File Handler\ufh.exe" /showinfo "%1"


    Cleaning Result
    -------------------------------------------------------
    Cleaned               : 1
    Reported as safe      : 0
    Failed                : 0
     

     

    Also I get this when I boot up. fb6f9f8ea7.jpg

  7. Done JRT:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.2 (03.10.2017)
    Operating System: Windows 7 Home Premium x64 
    Ran by Harry (Administrator) on 05/04/2017 at 20:40:30.59
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    File System: 8 

    Successfully deleted: C:\Users\Harry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3UW2R696 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Harry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EA5SU2PN (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Harry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VDKH0QCN (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Harry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X9W1SRZI (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3UW2R696 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EA5SU2PN (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VDKH0QCN (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X9W1SRZI (Temporary Internet Files Folder) 

    Registry: 0 

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 05/04/2017 at 20:42:49.95
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     

  8. Done ADWcleaner:

     

    # AdwCleaner v6.045 - Logfile created 05/04/2017 at 20:33:39
    # Updated on 28/03/2017 by Malwarebytes
    # Database : 2017-04-04.2 [Server]
    # Operating System : Windows 7 Home Premium Service Pack 1 (X64)
    # Username : Harry - HARRY-PC
    # Running from : C:\Users\Harry\Desktop\AdwCleaner.exe
    # Mode: Clean
    # Support : https://www.malwarebytes.com/support

    ***** [ Services ] *****

    ***** [ Folders ] *****

    [-] Folder deleted: C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmmlgikpahieigpcclckfmhnchdlfnjd
    [-] Folder deleted: C:\_acestream_cache_
    [-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
    [-] Folder deleted: C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh
    [-] Folder deleted: C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aoiidodopnnhiflaflbfeblnojefhigh


    ***** [ Files ] *****

    [-] File deleted: C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aoiidodopnnhiflaflbfeblnojefhigh_0.localstorage
    [-] File deleted: C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aoiidodopnnhiflaflbfeblnojefhigh_0.localstorage-journal


    ***** [ DLL ] *****

    ***** [ WMI ] *****

    ***** [ Shortcuts ] *****

    ***** [ Scheduled Tasks ] *****

    ***** [ Registry ] *****

    [-] Key deleted: HKU\S-1-5-21-3330130749-1166515165-1541732843-1001\Software\Classes\acestream
    [#] Key deleted on reboot: HKCU\Software\Classes\acestream
    [#] Key deleted on reboot: [x64] HKCU\Software\Classes\acestream
    [-] Key deleted: HKU\S-1-5-21-3330130749-1166515165-1541732843-1001\Software\cain
    [#] Key deleted on reboot: HKCU\Software\cain
    [#] Key deleted on reboot: [x64] HKCU\Software\cain
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\EpicScale


    ***** [ Web browsers ] *****

    [-] [C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: aoiidodopnnhiflaflbfeblnojefhigh


    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [2210 Bytes] - [05/04/2017 20:33:39]
    C:\AdwCleaner\AdwCleaner[S0].txt - [2377 Bytes] - [05/04/2017 20:32:37]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2356 Bytes] ##########
     

  9. Hi,

    I currently own Malwarebytes Premium. Opened a website a few days ago with a persistent pop-up, accidentally clicked the wrong button. Heard my hard drive whirling up, so I instantly turned off my PC. Done a full Malware threat scan, but since then every so often I get a "Website outbound blocked" from Malwarebytes, often to gibberish websites or "crackedmine.com". I have a few screenshots:

    873c6476c0.png 5a624f38d9.png

    Would like to do a full scan. I have three hard drives too, and I don't know if they are infected either.

    Would greatly appreciate if we could do a full system scan for anything else too. Thank you very much.
